On Fri, 2006-05-05 at 08:21 +0530, Rahul Sundaram wrote:
> On Fri, 2006-05-05 at 02:51 +0300, Gilboa Davara wrote:
>
> > Jeremy,
> >
> > I'm not trying to point fingers and/or throw mud.
> > My question is, will it be possible to find a mid-route, which combines
> > the shortest possible vulnerability period with a minimal risk of having
> > DOA machines? You'd agree that having 1000s of DOA machines doesn't
> > really sit well with Fedora's mission statement...
> > (Though, in Dave's defense, a machine that doesn't boot is a machine
> > which cannot be compromised ;))
>
> What do you think is the "mid-route" for time critical security fixes?
>
> Rahul
>

A couple of options:

* Set up a security-update-testing repo; recruit a small group of users to
  do basic sanity checks on each make-or-break release.
  This group should:
  A. have enough time on their hands.
  B. be available to check updates on short notice.
* Set up a sanity check farm at RH QA. Do automated sanity checks before
  pushing them into -updates.

And my favorite:
Set up a security-update-testing repo, pushing only urgent security
upgrades into this repo. Post a message in fedora-users, fedora-packages
and/or fedora-news every time a new urgent upgrade is available.
People who are affected by the security advisory will have the choice to
use this repo, risking crash/burn/whatever, while people who are not
affected by the advisory (in most cases, home users, workstations) will
be able to sit it out until it gets tested and pushed to -updates.

By splitting updates-testing in half, you can selectively decide on which
edge of the blade you're willing to live.

Gilboa